This application claims priority of Korean Patent Application No. 10-2003-0068837 filed on Oct. 2, 2003 in the Korean Intellectual Property Office, the disclosure of which is incorporated herein in its entirety by reference.
1. Field of Invention
The present invention relates to the authentication of devices present in a domain, and more particularly, to a method of constructing a unique domain for preventing content from being illegally used by an unauthorized third person in a public key-based architecture and applying the constructed domain to a home network using universal plug and play (UPnP).
2. Description of the Prior Art
As digital and communication technologies have increasingly advanced, a variety of content such as audio or video materials have become popular. There have been proposed a variety of techniques for protecting content against illegal copying and unauthorized distribution. In particular, there have been developed techniques by which content is encrypted and only particular devices can decrypt the encrypted content using predetermined rules. For example, the techniques include a DVD content scrambling system, content protection for recordable media (CPRM), digital transmission content protection (DTCP), high definition content protection (HDCP), content protection system architecture (CPSA), digital rights management (DRM) and the like.
Specifically, with the development of the home network field, there have been proposed techniques for protecting content on a home network. Typical examples of the techniques include “SmartRight” proposed by Thomson Corporation, “OCCAM (Open Conditional Content Access Management”) proposed by Sysco Corporation, or “xCP (extensible Content Protection) Cluster Protocol” proposed by IBM.
“SmartRight” is a technique by which each device constituting a home network has a smart card including a public key certificate and a key for the home network is created by the exchange of certificates among devices using the smart cards.
“OCCAM” is a technique by which respective devices in a home can use content by using a unique “ticket” for each piece of content.
“xCP Cluster Protocol” is a technique based on broadcast encryption, by which the concept of a domain called “cluster” is employed and devices belonging to the same cluster can freely use content among the devices.
As shown in FIG. 1, conventional domain management comprises a master device 110 and slave devices 120, 130 and 140 within an authenticated home domain 100. Domain management is performed between the master device and the slave devices. The process of reproducing content based on the ‘xCP Cluster Protocol’ in accordance with such a configuration of the master device and the slave devices will be described with reference to FIG. 2. The process can be roughly divided into the following processes: a cluster-forming process (S201), a device-authenticating process (S202), a content-encrypting process (S203), and a content-decrypting process (S204). The detailed description thereof will be made below. A server that initially connects with a given home network creates a binding ID (hereinafter, referred to as “IDb”) for the home network (S200). An IDb may be, a unique identifier for a server established upon manufacture of the server or arbitrarily established by a user. When an IDb is thus established, a cluster identified with IDb is formed.
When a device intends to use content present in the server, the device extracts a media key (hereinafter, referred to as “Km”) from a media key block (MKB) by using its own device key set (S210). Thereafter, the device creates its own unique key Kp by using “Km” extracted in step S210 and its own identifier IDp (S212).
When the device intends to go through device authentication, it requests the server to authenticate the device itself (S214).
Specifically, the device sends its own unique “IDp,” a “type” indicating the kind of device, and a hash value of the “type” and “IDp” derived using “Kp,” i.e. h=MAC(IDp∥type)Kp, to the server present in the cluster or an authentication server present outside the home network.
The server obtains Kp′ from Km and IDp, and checks whether a hash value, h′=MAC(IDp∥type)Kp′, which is obtained using Kp′, is identical to the value h already received from the device.
If it is determined that the value h is equal to the value h′, the server sends the device E(IDb) Kp, which is obtained by encrypting IDb using Kp, and the unique identifier IDp of the device, and then adds IDp to an authentication table of the server, “auth.tab.” The authentication for the device can be accomplished by extracting IDb from E(IDb) Kp received from the server (S216).
After the device authentication has been completed, the server encrypts content to be transmitted to the device (S203). A binding key (hereinafter, referred to as “Kb”) is first created using IDb, auth.tab and Km. Here, Kb meets a formula such as Kb=H[IDb ⊕ H[auth.tab], Km].
After Kb is created, the server encrypts the content using a title key (hereinafter, referred to as “Kt”) for protecting the content (S222). Meanwhile, each piece of content contains usage rule (UR) information including copy control information, information on whether the content is allowed to be distributed to the outside, a right to use the content, a valid use period, and the like. The UR information and Kt are encrypted using Kb to produce E(Kt ⊕ H[UR]Kb) (S224).
Meanwhile, the device receives the “auth.tab” from the server, and Kb is obtained from Kb=H[IDb ⊕ H[auth.tab], Km] using the previously extracted Km and IDb (S230). Further, after Kt is extracted from E(Kt ⊕ H[UR]Kb) (S232), the content received from the server is decrypted using the extracted Kt (S234).
In the xCp cluster protocol operating as described above, all devices capable of communicating with the server can automatically join a domain without the process of selecting devices that will join the domain. Further, since IDb is fixed, the values of Kb, Kt, and the like can be calculated even when the device is put outside the domain. However, there is inconvenience in that whenever each device creates its new Kb, the device should receive the auth.tab from the server to calculate the new Kb. Accordingly, there is a need for more secure protection of content through construction of a unique home domain and involvement of a user in device authentication.
Meanwhile, DRM serves as an essential component in the development of the digital industry and also plays an essential role in a home network. Accordingly, an increased need exists for implementing the domain management model described above in the home network. As described above, the related art for applying the domain management technique to a home network uses a direct communication scheme between the master and slave devices in the home network, as shown in FIG. 1. This scheme needs to develop communication protocols adapted for respective domain management. Thus, there is a problem in that compatibility with respective devices is deteriorated. Accordingly, measures to efficiently solve the problem are required. Recently, a lot of companies all over the world have been interested in UPnP (Universal Plug and Play), which has emerged as home network middleware, and produce many products supporting UPnP. UPnP has many advantages in that it can be smoothly incorporated into existing networks due to the use of conventional standard Internet protocols and does not depend on specific operating systems, physical media, or the like. However, since a method of implementing domain management through UPnP remains unknown, there is a need for a method of effectively implementing domain management using UPnP.